firnsy / barnyard2

Barnyard2 is a dedicated spooler for Snort's unified2 binary output format.
GNU General Public License v2.0

Unified 2 is not populating and barnyard doesn't like to use alert_unified2 #179

Open romans8 opened 8 years ago

romans8 commented 8 years ago
  1. The specified unified 2 log is not being created.
  2. Instead I get the snort.log.date (tcpdump) default and alerts.
  3. snort.conf - output unified2: filename internal.u2, limit 128, vlan_event_types
  4. running snort with sudo /usr/local/bin/snort -D -q -i eth3 -F /etc/snort/internalbpf.filter -c /usr/src/snort-2.9.8.0/etc/snort.conf.internal -u snort
  5. No errors or warnings when grep from /var/log/messages
  6. Running RHEL 6
  7. Installed and compiled from tarball
  8. Snort has rwx for /var/log/snort
  9. Deleted all logs
  10. Since this was installed from a tarball, no /etc/sysconfig/snort file exists. Is this needed?
  11. tail -f alerts and snort.log are working great.
  12. output alert_unified2: works.
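Added example, not code from the barnyard2 project or from the issue reporter: a small Python reader for the unified2 record stream that `output unified2:` is supposed to produce. It assumes the record layouts from Snort's Unified2_common.h (a header of two big-endian uint32s, type and length; a 52-byte type 7 IDS event; a 60-byte type 104 VLAN event, which is what Snort writes in place of type 7 when `vlan_event_types` is set) and, in place of a real spool file, builds a constructed sample stream so it runs offline. Pointed at a real file it tells you whether any records were written at all and which types they are, which is the first thing to check when barnyard2 has nothing to spool.

```python
"""Minimal unified2 record reader (added example; not barnyard2 or Snort code).

A unified2 file is a stream of records: a big-endian header (uint32 type,
uint32 length) followed by `length` bytes of body.  Record layouts below
follow Snort's Unified2_common.h; the sample stream is constructed here.
"""
import socket
import struct
from typing import Any, Dict, Iterator

# Record type codes from Snort's Unified2_common.h
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
UNIFIED2_IDS_EVENT_IPV6 = 72
UNIFIED2_IDS_EVENT_VLAN = 104
UNIFIED2_IDS_EVENT_IPV6_VLAN = 105

RECORD_HEADER = struct.Struct("!II")  # type, length
# Unified2IDSEvent (type 7): 11 x uint32, 2 x uint16, 4 x uint8 = 52 bytes
IDS_EVENT = struct.Struct("!11I2H4B")
# Unified2IDSEvent_VLAN (type 104): type 7 layout + mpls_label, vlanId, pad2 = 60 bytes
IDS_EVENT_VLAN = struct.Struct("!11I2H4BIHH")

EVENT_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
                "signature_id", "generator_id", "signature_revision",
                "classification_id", "priority_id", "ip_source", "ip_destination",
                "sport_itype", "dport_icode", "protocol", "impact_flag",
                "impact", "blocked")
VLAN_FIELDS = EVENT_FIELDS + ("mpls_label", "vlan_id", "pad2")


def iter_records(data: bytes) -> Iterator[Dict[str, Any]]:
    """Yield one dict per record.  A short trailing record (Snort still writing,
    or a `limit` rollover mid-record) is reported as an error entry, not raised."""
    off = 0
    while off < len(data):
        if len(data) - off < RECORD_HEADER.size:
            yield {"type": None, "error": "truncated header", "offset": off}
            return
        rtype, rlen = RECORD_HEADER.unpack_from(data, off)
        start = off + RECORD_HEADER.size
        body = data[start:start + rlen]
        if len(body) < rlen:
            yield {"type": rtype, "error": "truncated body", "offset": off}
            return
        rec: Dict[str, Any] = {"type": rtype, "length": rlen, "offset": off}
        if rtype == UNIFIED2_IDS_EVENT and rlen == IDS_EVENT.size:
            rec.update(zip(EVENT_FIELDS, IDS_EVENT.unpack(body)))
        elif rtype == UNIFIED2_IDS_EVENT_VLAN and rlen == IDS_EVENT_VLAN.size:
            rec.update(zip(VLAN_FIELDS, IDS_EVENT_VLAN.unpack(body)))
        else:
            rec["raw"] = body  # packet, IPv6 and extra-data records: left undecoded here
        if "ip_source" in rec:
            rec["ip_source"] = socket.inet_ntoa(struct.pack("!I", rec["ip_source"]))
            rec["ip_destination"] = socket.inet_ntoa(struct.pack("!I", rec["ip_destination"]))
        yield rec
        off = start + rlen


def summarize(data: bytes) -> Dict[int, int]:
    """Count complete records by type.  {} means the file holds no unified2 data."""
    counts: Dict[int, int] = {}
    for rec in iter_records(data):
        if "error" not in rec:
            counts[rec["type"]] = counts.get(rec["type"], 0) + 1
    return counts


def make_event(sid: int, src: str, dst: str, vlan_id: int = 0) -> bytes:
    """Build a constructed IDS event record (test data, not captured from a sensor)."""
    ip = lambda a: struct.unpack("!I", socket.inet_aton(a))[0]
    fields = [1, 42, 1700000000, 0, sid, 1, 3, 1, 2, ip(src), ip(dst),
              12345, 80, 6, 0, 0, 0]
    if vlan_id:
        body = IDS_EVENT_VLAN.pack(*fields, 0, vlan_id, 0)
        return RECORD_HEADER.pack(UNIFIED2_IDS_EVENT_VLAN, len(body)) + body
    body = IDS_EVENT.pack(*fields)
    return RECORD_HEADER.pack(UNIFIED2_IDS_EVENT, len(body)) + body


def build_sample_stream() -> bytes:
    """Constructed spool contents: a type 7 event, a type 104 event, a packet
    record, then a record cut short the way a file can be mid-write."""
    packet_body = struct.pack("!7I", 1, 42, 1700000000, 1700000000, 0, 1, 4) + b"\xde\xad\xbe\xef"
    packet = RECORD_HEADER.pack(UNIFIED2_PACKET, len(packet_body)) + packet_body
    truncated = make_event(1000003, "10.0.0.7", "10.0.0.8")[:RECORD_HEADER.size + 10]
    return (make_event(1000001, "10.0.0.5", "192.0.2.10")
            + make_event(1000002, "10.0.0.6", "192.0.2.11", vlan_id=100)
            + packet + truncated)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_stream()
    for rec in iter_records(data):
        print(rec)
    print("records by type:", summarize(data))
```

Two checks worth doing before reading any file: Snort appends a Unix timestamp to the configured name, so the file to look for is internal.u2.<timestamp> (not internal.u2) in the log directory, which is whatever -l or `config logdir` sets and defaults to /var/log/snort; and `snort -T -c <conf>` validates the configuration and reports the output plugins it actually loaded, which confirms whether the `output unified2:` line was read from the config file the command line names.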